Model Risk Management
Enabling A Firm Foundation for Model Risk Management
[tabs style=”default”] [tab title=”Executive Summary”]
Financial services organizations rely on models to analyze and represent outcomes that feed into the strategy, products, pricing, and risk. While models are critical to the business they are often seen as a mere tool without a full appreciation for their relationship and impact on the organization’s, decisions, and operations. Expanding use of models across the organization reflects the extent to which models improve business decisions. However, models come with risks when internal errors or misuse results in bad decisions. Regulators are increasing regulatory requirements and scrutiny into how financial services organizations govern and use models. To address increased regulatory scrutiny, but more importantly provide integrity to performance and strategy, financial services organizations need to provide a structured approach for model risk management. This approach needs to address the governance, lifecycle, and architecture of models to mitigate risk while capitalizing on the value when properly used. This includes the governance of end user computing controls that are the operational fabric of many models. Spreadsheets are the particular subject of increased regulatory scrutiny and control.
[/tab] [tab title=”Table of Contents”]
- Criticality of Models in Financial Services
- The Pervasive Use and Reliance on Models
- How Models Work
- When Models Fail
- Increasing Regulatory Pressure on Model Risk Management
- A Firm Foundation for Model Risk Management
- Model Risk Governance
- Model Risk Governance Committee
- Model Policies & Procedures
- Model Inventory
- Model Risk Management Lifecycle
- Model Risk Management Architecture
- ‘Modeling’ the Models
- Information Architecture
- Technology Architecture
- Model Risk Governance
- GRC 20/20’s Final Perspective
- About GRC 20/20 Research, LLC
- Research Methodology
[/tab] [tab title=”Author”]
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research, Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
©GRC 20/20 Research, LLC. All Rights Reserved.
No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.